On Some Symmetric Lightweight Cryptographic Designs

Author

  • Martin Ågren

Summary, in English

This dissertation presents cryptanalysis of several symmetric lightweight primitives, both stream ciphers and block ciphers. Further, some aspects of authentication in combination with a keystream generator are investigated, and a new member of the Grain family of stream ciphers, Grain-128a, with built-in support for authentication is presented.



The first contribution is an investigation of how authentication can be provided at a low additional cost, assuming a synchronous stream cipher is already implemented and used for encryption.



These findings are then used when presenting the latest addition to the Grain family of stream ciphers, Grain-128a. It uses a 128-bit key and a 96-bit initialization vector to generate keystream, and to possibly also authenticate the plaintext.



Next, the stream cipher BEAN, superficially similar to Grain, but notably using a weak output function and two feedback-with-carry shift registers (FCSRs) rather than linear and (non-FCSR) nonlinear feedback shift registers, is cryptanalyzed. An efficient distinguisher and a state-recovery attack are given. It is shown how knowledge of the state can be used to recover the key in a straightforward way.



The remainder of this dissertation then focuses on block ciphers. First, a related-key attack on KTANTAN is presented. The attack notably uses only a few related keys, runs in less than half a minute on a current computer, and directly contradicts the designers' claims. It is discussed why this is, and what can be learned from this.



Next, PRINTcipher is subjected to linear cryptanalysis. Several weak key classes are identified and it is shown how several observations of the same statistical property can be made for each plaintext-ciphertext pair.



Finally, the invariant subspace property, first observed for certain key classes in PRINTcipher, is investigated. In particular, its connection to large linear biases is studied through an eigenvector which arises inside the cipher and leads to trail clustering in the linear hull which, under reasonable assumptions, causes a significant number of large linear biases. Simulations on several versions of PRINTcipher are compared to the theoretical findings.

Publishing year

2012

Language

English

Document type

Dissertation

Topic

  • Electrical Engineering, Electronic Engineering, Information Engineering

Keywords

  • Lightweight cryptography
  • integrity
  • authentication
  • symmetric cryptography
  • stream ciphers
  • block ciphers
  • Grain-128a
  • BEAN
  • KTANTAN
  • PRINTcipher
  • FCSR combiner
  • related-key attack
  • linear cryptanalysis
  • linear correlations
  • invariant subspace attack

Status

Published

Project

  • EIT_HSWC:Coding Coding, modulation, security and their implementation

Research group

  • Crypto and Security

ISBN/ISSN/Other

  • ISBN: 978-91-7473-391-4

Defence date

28 November 2012

Defence time

13:15

Defence place

Lecture hall E:1406, E-building, Ole Römers väg 3, Lund University Faculty of Engineering

Opponent

  • Vincent Rijmen (Prof.)